import yajl-2.1.0-11.el8

This commit is contained in:
CentOS Sources 2022-09-27 08:49:01 -04:00 committed by Stepan Oksanichenko
parent 5ebb3f0614
commit e42fc2ed0e
2 changed files with 68 additions and 10 deletions

View File

@ -0,0 +1,54 @@
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Wed, 2 Mar 2022 14:17:59 -0800
Subject: [PATCH] Check need < buf->used
We're guaranteed a power of 2 so that this becomes 0, but we might as
well use a check for overflow that works in more cases.
Unsigned integer overflow is defined behaviour, so this should be safe.
(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
---
src/yajl_buf.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
index 1aeafde0..8bd1bea7 100644
--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
@@ -30,7 +30,7 @@ struct yajl_buf_t {
};
static
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
{
size_t need;
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
need = buf->len;
while (want >= (need - buf->used)) need <<= 1;
+ if (need < buf->used) {
+ return -1;
+ }
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
buf->len = need;
}
+ return 0;
}
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
{
- yajl_buf_ensure_available(buf, len);
+ if (yajl_buf_ensure_available(buf, len))
+ return;
if (len > 0) {
assert(data != NULL);
memcpy(buf->data + buf->used, data, len);

View File

@ -1,9 +1,11 @@
%undefine __cmake_in_source_build
%global _vpath_builddir build
Name: yajl
Version: 2.1.0
Release: 10%{?dist}
Release: 11%{?dist}
Summary: Yet Another JSON Library (YAJL)
Group: Development/Libraries
License: ISC
URL: http://lloyd.github.com/yajl/
@ -21,8 +23,9 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
Patch2: %{name}-%{version}-pkgconfig-includedir.patch
Patch3: %{name}-%{version}-test-location.patch
Patch4: %{name}-%{version}-dynlink-binaries.patch
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gcc
BuildRequires: cmake
%package devel
@ -48,21 +51,18 @@ necessary for developing against the YAJL library
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
# NB, we are not using upstream's 'configure'/'make'
# wrapper, instead we use cmake directly to better
# align with Fedora standards
mkdir build
cd build
%cmake ..
make VERBOSE=1 %{?_smp_mflags}
%cmake
%cmake_build
%install
rm -rf $RPM_BUILD_ROOT
cd build
make install DESTDIR=$RPM_BUILD_ROOT
%cmake_install
# No static libraries
@ -96,6 +96,10 @@ cd test
%changelog
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
- fix CVE-2022-24795
- Related: #2061390
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild